The thing about Android TV is that it’s Android, the same operating system used by tablets and smartphones – and that’s good, because it’s very powerful. But it also means that it’s quite complex, and that complexity inevitably leads to the odd loophole. The latest such loophole on Android TVs could potentially let other people access your Gmail, but the good news is that Google is working on a fix for it.
The problem was reported this week by 404 Media, which makes it clear that the problem doesn’t mean your neighbor will suddenly be able to get into your inbox: the other person needs physical access to your TV. But a risk is still a risk, and Google says it’s now working on a fix for the issue.
So how on earth does your TV expose your email? It’s all about the logins.
Why Android TVs can potentially expose your email
The exploit takes advantage of Android’s Google account login, which is what enables you to log in automatically to your apps without having to enter your account details every time you want to use one of your TV’s apps. Those apps don’t include the Chrome browser, but there’s a way around that – and if you can get Chrome onto a TV where the user is logged in, then you can get that browser to open up their Gmail with the same login credentials.
Google told 404 Media that “most Google TV devices running the latest versions of software already do not allow this depicted behavior [but] we are in the process of rolling out a fix to the rest of devices”.
Although this particular exploit isn’t likely to affect many people and will be eliminated fairly soon anyway, it does act as an important reminder that we need to keep even the best TVs up to date with the latest OS and security updates too: it’s easy to forget sometimes that your TV is just a computer with a really big display panel glued to it, and that means it’s potentially vulnerable to the same kind of security issues that all our other devices are potentially vulnerable to.